If you’re an active Sony Playstation network user, you’re aware that it was “game over” last week as hackers made their way into the network and made off with a ton of your personal data. Sony has said that they are not certain whether sensitive credit card data was taken.
According to discussions in underground hacker forums, the hackers got your numbers.
Comments in these forums, which are being monitored by security researchers, reportedly claim that the hacked database included customer names, addresses, usernames, passwords and up to 2.2 million credit card numbers.
The hackers hope to sell the data for $100,000 according to Trend Micro senior threat researcher Kevin Stevens. According to one of the possible hackers, the data has been offered to Sony themselves but the company has allegedly not responded to the demands yet.
“To my knowledge there is no truth to the report that Sony was offered an opportunity to purchase the list,” said Patrick Seybold, senior director of corporate communications and social media at Sony.
Not everyone is buying it.
“Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers,” said Mathew Solnik, a security consultant with iSEC Partners.
The hackers in the forum had detailed information about the servers that were attacked. The exploit they described is consistent with the presumed vulnerability – hacking into a Playstation 3 console and attacking through the hardware credentials once on the network.
I think Sony should do the right thing here and buy the data back from the hackers (pending it’s authentication, of course), as well as have the hackers provide details of the attack so they can then close the vulnerability.
Think about it – the data was exposed because of a shortcoming on Sony’s part. If they have an opportunity to take that data off the market and secure their system, they should do so, at their expense. It is not up to Sony customers (through time, effort, pain and money) to pay for the company’s mistake.
lol how would you trust the hackers would just give the data back and delete it?
And now gamestop and gametraders have quit taking PS3 games or systems. This looks bad for the platform and as if a come back isn’t happening.
Wow they were smart enough to get the data but they use a secret “underground hacker forum” that can just be monitored by any security researcher. They are also apparently not smart enough to make a million copies and instead of selling one copy to the highest bidder but sell it to anyone for any amount of money. Did they say on their super secret public forum for criminal hackers if they had already broken the encryption on the CC data or if the list was for sale as is?
Give me a break this is one of the biggest pieces of trash I have ever read that is only playing off people’s fears and not even the least bit credible.
If Sony were to give in and pay the 100,000 then what’s to stop the next hackers from doing something similar and asking for 200,000 or 300,000. Paying up sends the wrong message.
The last lines of this article got me thinking, is it being alluded to that they used a hacked ps3 to gain access to the network?
If so, that would mean GEOHOT, Sony’s old number 1 enemy is going to have more problems on his hands even though nosy settled their case against him out of court.
So, I wonder if sony bought the data back…I have never heard that untill now…